Internet of Things

This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post. Guess which one this is? I’ve been reading the pundits, and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly. Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults. Here are our tips:

Default passwords – Always take a moment to replace the default user name and password (often just “admin” and “password”) with something more secure. Passwords should be ...

There is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories. We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.

As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.

The Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms. The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar. How we respond to DDoS attacks will have to change.

Nevertheless, you can remove your IoT devices from the bot-net and keep them from being reacquired. Here are some easy solutions:

I was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections. And as of today, it appears that it was not.

On Wednesday we looked at several of the important takeaways from this year’s Cyber Security Summit. Here are a few more.

Small businesses need to stop using public email services such as Gmail, Yahoo, or Hotmail for their business email. User credentials for 500,000 Yahoo email accounts have been stolen, and it could happen to the others. If you have a domain name you are using for a web site, then you should ...

I attended the (ISC)2 Security Congress in September, and one of the featured speakers was well known television journalist Ted Koppel. He gave a presentation about his new book Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. You are probably wondering, as I was, what would make Ted Koppel an authority on this particular subject? The answer is that ...

I recently read Dave Eggers book The Circle at the recommendation of a friend in the cybersecurity profession. While I don’t do book reviews in this blog very often, I thought I would throw in my two cents about this book.

I was recommended this book during a cybersecurity training class. I do want to say that this book looks unblinkingly at some ...

Back on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars. I have experienced this issue myself. Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands free phone calls, stored musical tracks, and the phone’s navigation application. The problem is that the car ...